The hype around GDPR is making companies nervous, especially those with business interests in the EU. As the enforcement date approaches, organizations are coming to terms with the fact that it won’t be business as usual. If you’re unfamiliar with GDPR, check out our GDPR Cheat Sheet: Top 10 Things to Know.
One of the founding principles of GDPR is that individuals (the data subjects) hold the rights over their personal data. Data controllers process that data on a legal basis and under defined obligations; at no point can they claim ownership of it. This article highlights how GDPR will alter the employer – employee relationship.
Setting Guidelines for Data Erasure
One of the most significant changes under GDPR is the right to erasure, often called the right to be forgotten. In other words, an employee can ask the employer to erase personal data from its systems. The request applies, for example, if:
- the data is no longer necessary for the purpose for which the employer collected it
- the employee withdraws the consent on which the processing was based, and there is no other legal ground for keeping the data
- the employee was never told the purpose for which the data was collected, or objects to that processing
In turn, the onus is on the employer to honor such a request or to give a legitimate reason for rejecting it. Note that much HR data cannot simply be deleted on request: payroll, tax and similar records must often be retained under a legal obligation, and data needed to perform the employment contract may be kept for as long as that need exists. The employer should document which legal basis and retention period applies to each category of employee data so that each request can be answered consistently.
Auditing Employment Contracts and Consent Forms
GDPR requires employers to review the contracts and privacy notices of EU employees to ensure they are consistent with the new rules. Where processing relies on consent, that consent must be freely given, specific, informed and unambiguous, and a pre-ticked box or silence does not count. Because of the power imbalance between employer and employee, consent is rarely a valid basis for routine HR processing; most of it should instead rest on the employment contract or a legal obligation. Further, companies must collect data for a specific, stated purpose and cannot process it for a purpose that is incompatible with the one the employee was told about.
Facilitating Data Portability to Employees
Employees have the right to receive the personal data they provided to the employer in a structured, commonly used and machine-readable format, and to transmit that data to another controller. This right applies to data processed by automated means on the basis of consent or a contract. Employers must put IT processes in place that let employees copy, move or transfer their personal data from one system to another without obstruction.
Defining the Process to Withdraw Consent
Employers must create a process for employees to withdraw consent and must make sure employees are aware of it. Withdrawing consent must be as easy as giving it, and withdrawal does not affect the lawfulness of processing carried out before that point.
Developing a Clear Communication Strategy
HR departments need a transparent communication strategy for employees. HR leaders need to take ownership of providing employees with clear information about:
- the purposes for which their data is processed and the legal basis for each
- any personal data that is transferred to another country, and the safeguards that cover the transfer
- how long the data will be stored, or the criteria used to decide the retention period
- what safeguards are in place to protect their data, and how they can exercise their rights
Notifying Data Breach to Employees
Employers must report a personal data breach to the competent supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals concerned. Where the breach is likely to put employees at high risk, the employer must also inform the affected employees directly and without undue delay, describing the nature of the breach, the likely consequences and the measures taken in response.
Conclusion
For companies, implementing GDPR means overhauling and updating the HR and IT functions together. Choosing a software tool like Mihi can give you a leg up in bridging that gap.
Do you have questions about GDPR compliance? We would love to hear them. Please get in touch with us at +1 (408) 703-0455 or info@mihi.com. If you don’t want to miss critical updates, subscribe to our blog. We send relevant news and articles to your inbox.